roboform flaw

Discussion in 'other security issues & news' started by whippy, Apr 29, 2008.

Thread Status:
Not open for further replies.
  1. whippy

    whippy Registered Member

    Joined:
    Apr 29, 2008
    Posts:
    1
    Hi There is a major security flaw in Roboform as it does not encyrpt your passwords in the default folder while in use ,that means if you are hacked it is easy read , I personally was shocked to note this when told by another user …so I strongly recommend you dont use it for important passwords eg bank accounts ….after emailing roboform the agree that is the way it is and until they fix it I wouldnt use it again . I was a great beleiver in it until I was shown this flaw
    I personally assumed that roboform encrpted the default folder where it stores the passwords in , but it doesnt according to Roboform support unless you log out of roboform .
    Now nowhere does it explain this in the installation notes . I have never bothered logging out of roboform to me this is a major security flaw if you have important passwords say bank accounts stored in it .
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,801
    Location:
    Stockholm Sweden
    Thanks for the info.
    I only use the firefox extension but I guess I am logged in as long as the firefox session is open (and if I have entered the master password once)
    Personally I dont worry much about being hacked, I have other layers, but I agree that a software that claims to secure the users passwords should not have this security hole. I hope Roboform does the right thing soon.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.